//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by FernFlower decompiler)
//

package com.baomidou.kisso.web.interceptor;

import com.baomidou.kisso.SSOAuthorization;
import com.baomidou.kisso.SSOConfig;
import com.baomidou.kisso.SSOHelper;
import com.baomidou.kisso.annotation.Permission;
import com.baomidou.kisso.common.util.HttpUtil;
import com.baomidou.kisso.security.token.SSOToken;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.AsyncHandlerInterceptor;

import java.lang.reflect.Method;

public class SSOPermissionInterceptor implements AsyncHandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(SSOPermissionInterceptor.class);
    private SSOAuthorization authorization;
    private String illegalUrl;
    private boolean nothingAnnotationPass = true;

    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (handler instanceof HandlerMethod) {
            SSOToken token = SSOHelper.attrToken(request);
            if (null == token) {
                return true;
            } else {
                return this.isVerification(request, handler, token) ? true : this.unauthorizedAccess(request, response);
            }
        } else {
            return true;
        }
    }

    protected boolean isVerification(HttpServletRequest request, Object handler, SSOToken token) {
        if (SSOConfig.getInstance().isPermissionUri()) {
            String uri = request.getRequestURI();
            if (uri == null || this.getAuthorization().isPermitted(token, uri)) {
                return true;
            }
        }

        HandlerMethod handlerMethod = (HandlerMethod)handler;
        Method method = handlerMethod.getMethod();
        Permission pm = (Permission)method.getAnnotation(Permission.class);
        if (pm != null) {
            if (pm.ignore()) {
                return true;
            }

            if (!"".equals(pm.value()) && this.getAuthorization().isPermitted(token, pm.value())) {
                return true;
            }
        } else if (this.isNothingAnnotationPass()) {
            return true;
        }

        return false;
    }

    protected boolean unauthorizedAccess(HttpServletRequest request, HttpServletResponse response) throws Exception {
        log.debug(" request 403 url: " + request.getRequestURI());
        if (HttpUtil.isAjax(request)) {
            HttpUtil.ajaxStatus(response, 403, "ajax Unauthorized access.");
        } else if (this.getIllegalUrl() != null && !"".equals(this.getIllegalUrl())) {
            response.sendRedirect(this.getIllegalUrl());
        } else {
            response.sendError(403, "Forbidden");
        }

        return false;
    }

    public SSOAuthorization getAuthorization() {
        return this.authorization;
    }

    public void setAuthorization(SSOAuthorization authorization) {
        this.authorization = authorization;
    }

    public String getIllegalUrl() {
        return this.illegalUrl;
    }

    public void setIllegalUrl(String illegalUrl) {
        this.illegalUrl = illegalUrl;
    }

    public boolean isNothingAnnotationPass() {
        return this.nothingAnnotationPass;
    }

    public void setNothingAnnotationPass(boolean nothingAnnotationPass) {
        this.nothingAnnotationPass = nothingAnnotationPass;
    }
}
